The Department of Applied Mathematics and Computer Science, Technical University of Denmark, www.compute.dtu.dk/english invites applications for two Postdoc positions of 18 months each, both starting 1 January 2014 or soon thereafter. The topic of the project is lightweight cryptology, which concerns scenarios involving strongly resource-constrained devices.

Candidates for the first postdoc position should have a strong cryptanalytic and mathematical background and be able to analyze the security of ciphers to be designed. Candidates for the second postdoc should have a solid background in hardware design and automation and be able to work on the physical constraints and optimization of the hardware implementations.

Applications are invited for Lectureships in Secure Digital Systems to undertake research in Data, Network and/or Malware security within the Centre for Secure Information Technologies (CSIT), which is part of the School of Electronics, Electrical Engineering and Computer Science (EEECS). Candidates will also be required to undertake lecturing duties at undergraduate and post-graduate level and to actively engage in major research with industry.

Applicants must have at least a 2:1 Honours Degree (or equivalent) in Electrical and Electronics Engineering, Computer Science, Mathematics or closely related discipline and a PhD, or expect, within 6 months, to obtain a PhD, in a relevant subject. Evidence of high quality research in a relevant field commensurate with stage of academic career, or extensive industrial experience in a relevant area, is essential. Applicants with research expertise in one or more of the following areas are strongly encouraged to apply: applied cryptography, side channel analysis, security protocols, malware/botnet analysis, network forensics, cloud security, threat and attack mitigation, insider threat behaviour, software security.

The goal of general-purpose program obfuscation is to make an arbitrary computer program "unintelligible" while preserving its functionality. At least as far back as the work of Diffie and Hellman in 1976, researchers have contemplated applications of general-purpose obfuscation. However, until 2013, even heuristic constructions for general-purpose obfuscation were not known.

This changed with the work of Garg, Gentry, Halevi, Raykova, Sahai, and Waters (FOCS 2013), which gave the first candidate construction of general-purpose obfuscation. The heart of their construction is an obfuscator for log-depth (NC^1) circuits, building upon a simplified subset of the Approximate Multilinear Maps framework of Garg, Gentry, and Halevi (Eurocrypt 2013) that they call Multilinear Jigsaw Puzzles.

Given the importance of general-purpose obfuscation, it is imperative that we gain as much confidence as possible in candidates for general-purpose obfuscation. In this work, we focus on the following question: Do there exist algebraic attacks (a.k.a. generic multilinear attacks) against candidate constructions of general-purpose obfuscation? Indeed, Garg et al. posed the problem of proving that there exist no generic multilinear attacks against their core NC^1 scheme as a major open problem in their work. Solving this problem will give us essential evidence that the mathematical approaches to general-purpose obfuscation introduced by Garg et al. are sound.

This problem was first addressed in the recent work of Brakerski and Rothblum (eprint 2013), who constructed a variant of the Garg et al. candidate obfuscator, and proved that it achieves the strongest definition of security for general-purpose obfuscation, Virtual Black Box (VBB) security, against all generic multilinear attacks, albeit under an unproven assumption they introduce as the Bounded Speedup Hypothesis, which strengthens the Exponential Time Hypothesis.

In this work, we resolve the open problem of Garg et al. completely, by removing the need for this additional assumption. More specifically, we describe a different (and arguably simpler) variant of the construction of Garg et al., for which we can prove that it achieves Virtual Black Box security against

The 2013 Election for Directors and Officers of the IACR Board and the Referendum on Bylaws Amendments are open from October 1st until November 15, 2013. All 2013 members of the IACR (generally, people who attended an IACR conference or workshop in 2012) should receive voting credentials from system@heliosvoting.org, sent to their email address of record with the IACR on October 1st, 2013.

The block cipher used in the Chinese Wireless LAN Standard (WAPI), SMS4, was recently renamed SM4 and became the block cipher standard issued by the Chinese government. This paper improves the previous linear cryptanalysis of SMS4 by giving the first 19-round one-dimensional approximations. The 19-round approximations hold with bias 2^{−62.27}; we use one of them to mount a linear attack on 23-round SMS4. Our attack improves on the previous 23-round attacks by reducing the time complexity. Furthermore, the data complexity of our attack is further improved by the multidimensional linear approach.

For securing databases outsourced to the cloud, it is important to allow cloud users to verify that their queries to the cloud-hosted databases are correctly executed by the cloud. Existing solutions to this problem suffer from a high communication cost, a heavy storage overhead or an overwhelming computational cost on clients. Besides, only simple SQL queries (e.g., selection query, projection query, weighted sum query, etc.) are supported in existing solutions. For practical considerations, it is desirable to design a client-verifiable (or publicly verifiable) aggregation query scheme that supports more flexible queries with affordable storage overhead, communication and computational cost for users. This paper investigates this challenging problem and proposes an efficient publicly verifiable aggregation query scheme for databases outsourced to the cloud. By designing a renewable polynomial-based authentication tag, our scheme supports a wide range of practical SQL queries including polynomial queries of any degree, variance queries and many other linear queries. Remarkably, our proposed scheme only introduces constant communication and computational cost to cloud users. Our scheme is provably secure under the Static Diffie-Hellman problem, the t-Strong Diffie-Hellman problem and the Computational Diffie-Hellman problem. We show the efficiency and scalability of our scheme through extensive numerical analysis.

We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can, and cannot, obtain in this model, propose light-weight protocols achieving maximal security, and report on their practical performance.

We revisit the estimation of parameters for use in applications of the BGV homomorphic encryption system, which generally require high dimensional lattices. In particular, we utilize the BKZ-2.0 simulator of Chen and Nguyen to identify the best lattice attack that can be mounted using BKZ in a given dimension at a given security level. Using this technique, we show that it should be possible to work with lattices of smaller dimensions than previous methods have recommended, while still maintaining reasonable levels of security. As example applications we look at the evaluation of AES via FHE operations presented at Crypto 2012, and the parameters for the SHE variant of BGV used in the SPDZ protocol from Crypto 2012.